On-Site Visitors Privacy Notice

This notice explains how information about you (or ‘personal data’) is collected and used in respect of visits to premises from which Wealden District Council operates (‘Council Premises’).

This notice should be read in conjunction with our Privacy Policy and other relevant service-specific Privacy Notices.

How do we get your personal data?

Most of the information we process about you is provided to us directly by you (for example, when you notify us that you will attend a meeting at Council Premises, or sign in as a visitor).  We may also receive personal data indirectly from the following sources:

• Council employees/staff involved in arranging your visit to Council Premises; and
• Your family members, care staff or other individuals or organisations involved in arranging your visit to Council Premises.

What personal data do we process?

The information we process about you will vary depending on the reasons for which you are visiting Council Premises, but will fall within the following categories as applicable:

• Contact details.
• Organisation details (for example, if you are visiting from a contractor, another public body, or partner organisation).
• Date and time of visit (‘in’ and ‘out’ times).
• Reason for visit and member(s) of staff visited.
• Vehicle information (if you are parking on Council Premises).
• Details of transport to or from Council Premises (if we have arranged this on your behalf).
• Information required to make accommodations for you (for example, accessibility requirements, dietary requirements, or religious requirements).
• Accident, medical and first aid information, in the event that you are injured or taken unwell on Council Premises.

What special category personal data do we process?

In order to achieve our objectives, we may also need to process sensitive, or “special category” personal data about you. In the context of visits to Council Premises, this is most likely to include: 

• Health;
• Religious or philosophical beliefs;
• Political opinions or affiliations;
• Trade union membership.

As described above, this information will be collected and used as necessary to facilitate your access to Council Premises, make accommodations for you, or to manage injury or sickness on Council Premises.

Why we collect personal data about you?

We will collect and hold personal data relating to your visit to Council Premises. We use this information to:

• Manage access to Council Premises.
• Ensure the security of Council Premises and assets.
• Ensure the safety of visitors and Council employees/staff, including complying with health and safety requirements and managing emergency situations.
• Make accommodations for you, to meet accessibility requirements, dietary requirements, religious requirements, etc.

Lawful bases and conditions for processing your personal data?

We process personal data where one or more of the following lawful bases apply:

• We have a legal obligation, including those arising from:
• The Health and Safety at Work etc. Act 1974.
• The Regulatory Reform (Fire Safety) Order 2005.
• The Civil Contingencies Act 2004.
• The Local Government Act 1972 and related legislation.
• We are performing a public task; or
• We are protecting vital interests.

Where we process special category data, one or more of the following conditions is satisfied:

• We are carrying out obligations and exercising specific rights in the field of employment and social protection law;
• We are processing the data for reasons of substantial public interest, including statutory and government purposes;
• We are protecting vital interests; or
• You have already made your data public.

Who do we share personal data with?

The information that we process about you may be disclosed to other organisations where permitted, or as required by, applicable law.

We share personal data with data processors, which are third parties who provide certain parts of our services for us (for example, third parties providing our meeting room booking software and the software in which we record accidents on Council Premises). We have contracts in place with them and they cannot do anything with your personal data unless we have instructed them to do so.

We may additionally share personal data with the following types of organisations:

• Third-party service providers who are data controllers rather than data processors, for example transport providers.
• Law enforcement agencies, prosecuting bodies and other interested parties for the prevention, investigation, detection, or prosecution of criminal offences, or to comply with legal obligations.
• Emergency services such as the police, fire, or ambulance services in the event of an incident affecting Council Premises.
• Regulators, including the Health and Safety Executive.
• Legal representatives and professional advisors in order to protect or defend the legal rights of the Council or in connection with legal claims, disputes, or proceedings.
• Insurance providers and claims handlers, in order to manage or investigate incidents or claims.

This sharing may include special category information where necessary, for example, where we need to share accessibility requirements with a transport provider or details of an accident with the Health and Safety Executive.

We may also share information internally with other Council departments, for example, to confirm your attendance at Council Premises, to ensure that an accident or first aid incident is recorded in the appropriate registers, or to verify your safety in the event of an emergency.

Personal data will only be used by other Council departments or external organisations when we are satisfied there is a lawful basis and the use is otherwise compliant with Data Protection legislation.

Transfer of personal data

Personal data may be transferred outside the UK where required or permitted, for example, where an appointed service provider performs part of their services from outside the UK. Any transfers outside the UK will be performed in compliance with Data Protection legislation.

Automated decision-making

No automated decision making takes place in respect of the data processing activities described in this Notice.

Retention Period

We process your personal data for the above purposes for no longer than necessary and in accordance with current legislation and the Council’s Retention Schedule.

Only in exceptional circumstances will we hold your information for longer, for example a pending court case.  All information will be held securely and disposed of confidentially.

Anonymising your data

Your personal data may be converted into statistical or aggregated data that ensures that you cannot be identified from it.  Anonymised data means it cannot be linked back to you as an individual and may be used to conduct research and analysis.  This includes the preparations of statistics for use in our reports.